
Check to See If Your Organization’s Credentials Were on Genesis Market

Dark web initial access marketplace Genesis Market has been seized, and organizations can check to see if they were compromised.

April 6, 2023 Zachary Comeau

A screenshot of the seized website.

Genesis Market, an online criminal marketplace that advertised and sold packages of stolen credentials that threat actors use to compromise accounts in the financial sector, critical infrastructure and federal, state and local government agencies, has been dismantled by a coalition of international law enforcement agencies.

According to a news release from the U.S. Department of Justice, the Genesis Market’s website has been seized, and law enforcement is currently working to identify prolific users of the market who used those stolen access credentials to carry out cybercrimes. In addition, authorities have seized 11 domain names used to support Genesis Market’s infrastructure.

The DOJ says Genesis Market has since 2018 offered access to stolen data from over 1.5 million compromised devices around the world, containing over 80 million account access credentials. In addition to credentials, Genesis Market was “one of the most prolific initial access brokers” in the cybercrime world, authorities say, offering access often used by ransomware actors.

Authorities say the criminal marketplace was easy to use, giving users the ability to search for stolen credentials based on location and account type. The market also offered device fingerprints, unique combinations of device identifiers and browser cookies that circumvent anti-fraud detection systems used by many websites.

The combination of resources on Genesis Market allowed cybercriminals to essentially assume the identity of the victim, agencies say.

Cybersecurity company Trellix says it assisted in the investigation, helping law enforcement analyze and detect the malicious binaries linked to Genesis Market to render the market’s script and binaries useless.

In a blog, Trellix researchers say the market was the largest such resource for credentials, browser fingerprints and cookies. The market advertised on mostly Russian-speaking underground forums, and became a one-stop shop for account takeovers since its inception in 2018.

Genesis Market was largely used to target consumers, but Trellix says it has observed malicious detections across its enterprise sensors as well. The bulk of the malicious activity was detected in the Americas, with other activity in Europe and southeast Asia.

The marketplace has also been linked to malware families used to infect victims and populate the store, including common info-stealers such as AZORult, Raccoon, Redline and DanaBot, Trellix researchers say.

Credentials contained on Genesis Market have been provided to Have I Been Pwned, allowing people and organizations to assess whether their credentials have been available on the dark web marketplace.

The FBI is asking users of Genesis Market, those who were in contact with its administrators, or victims to contact the agency at [email protected]. In addition, Dutch Police have set up CheckYourHack to see if data was obtained and sold via the market.

Trellix also offers these recommendations for organizations and their IT and security administrators:

Train users on phishing and how to spot it, and repeat the training with test phishing emails for all users. Users must be alert when it comes to links and attachments.

  • Be very careful with password protected archives, as they will pass through most email scanning and web proxies.
  • Check file extensions: a JPG, PDF or Document might not be what it looks like based on the icon! It can be an executable which disguises itself with its icon.

Implement web control and block access to any unknown/uncategorized websites.

Block or report any unknown application communicating to or from the Internet; this can be done with firewall solutions.

Implement Adaptive Threat Protection (ATP) and configure Dynamic Application Containment (DAC) for unknown processes limiting what they can do.

Enable Exploit Prevention and enable signature for “Suspicious Double File Extension Execution” (Signature 413).

Protect session cookies with Exploit Prevention Expert rule.

Implement Expert rules which will trigger on any PowerShell or unknown / contained process accessing your session cookies:

  • C:\Users\**\AppData\Local\Google\Chrome\User Data\Default\Network\**\*.*
  • C:\Users\**\AppData\Roaming\Mozilla\Firefox\Profiles\**\*.*
  • C:\Users\**\AppData\Local\Microsoft\Edge\User Data\Default\Network\**\*.*
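
The same rule expressed as detection logic over file-access telemetry, as an added example (not Trellix Expert Rule syntax and not code from the article). The event fields, the allow-list of trusted browser image paths, the wildcard semantics and the sample events are assumptions constructed for illustration.

```python
import re
# Path patterns exactly as listed in the article.
COOKIE_PATTERNS = [
    r"C:\Users\**\AppData\Local\Google\Chrome\User Data\Default\Network\**\*.*",
    r"C:\Users\**\AppData\Roaming\Mozilla\Firefox\Profiles\**\*.*",
    r"C:\Users\**\AppData\Local\Microsoft\Edge\User Data\Default\Network\**\*.*",
]
# Assumption: full image paths of the processes expected to read these stores.
TRUSTED_IMAGES = {
    r"c:\program files\google\chrome\application\chrome.exe",
    r"c:\program files\mozilla firefox\firefox.exe",
    r"c:\program files (x86)\microsoft\edge\application\msedge.exe",
}
POWERSHELL_NAMES = {"powershell.exe", "pwsh.exe"}

def pattern_to_regex(pattern):
    """Assumed semantics: '**' = zero or more directories, '*.*' = any file name."""
    *dirs, leaf = pattern.split("\\")
    out = [r"(?:[^\\]+\\)*" if d == "**" else re.escape(d) + r"\\" for d in dirs]
    out.append(r"[^\\]+" if leaf == "*.*" else re.escape(leaf))
    return re.compile("".join(out) + r"\Z", re.IGNORECASE)

COOKIE_REGEXES = [pattern_to_regex(p) for p in COOKIE_PATTERNS]

def classify(event):
    """Return an alert reason, or None when the access is expected or out of scope."""
    if not any(rx.match(event["target"]) for rx in COOKIE_REGEXES):
        return None
    image = event["image"].lower()
    if image.rsplit("\\", 1)[-1] in POWERSHELL_NAMES:
        return "powershell"
    # Compare the full path: a copy named chrome.exe in a temp folder is not trusted.
    return None if image in TRUSTED_IMAGES else "unknown-process"

# Constructed sample events (not real telemetry).
EVENTS = [
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "target": r"C:\Users\alice\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies"},
    {"image": r"C:\Users\alice\AppData\Local\Temp\chrome.exe",
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"},
    {"image": r"C:\Users\bob\Downloads\report.exe",
     "target": r"C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\cookies.sqlite"},
    {"image": r"C:\Windows\notepad.exe", "target": r"C:\Users\bob\Documents\notes.txt"},
]

def scan(events):
    return [(e["image"], r) for e in events if (r := classify(e))]
```

Matching on the full image path rather than the file name is what keeps a renamed binary from passing as the browser.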

Implement Endpoint Detection and Response. It could detect some of the techniques identified such as malicious use of web protocols, process injection and tool transfers.

Implement strong and deep email scanning.

Implement a strong and deep web gateway that blocks uncategorized websites, and have a quick and trusted procedure to add more websites if needed.

Please apply the Identity and Access Management (IAM) best practices as outlined by CISA.

Review your current visibility and detection capability on credential theft and privilege abuse.

Read Trellix’s blog for more information, including indicators of compromise.

Editor’s note: This article was originally published April 6, 2023 but has been updated as of April 20, 2023. 
